Using the Internet, people can access software applications such as banking applications, airline reservation systems, corporate email and business applications, etc., from virtually anywhere. While this gives people convenient access to the information they need, any vulnerabilities in a software application may also be exposed to any user remotely accessing the software. Some users may accidentally or intentionally exploit these vulnerabilities. For example, they may retrieve information without authorization, change such information, cause an unauthorized change in the behavior of the software application, or stop its operation altogether.
One way to prevent such unauthorized access is to provide a firewall around a software application. Application firewalls are typically designed to protect an application against attack or the exploitation of vulnerabilities in the application. To do so, the firewalls often require a complex configuration based, at least in part, on a number of selectable, tunable parameters. If the number of configuration parameters is large, manually fine-tuning a configuration such that it prevents substantially all attacks while allowing substantially all legitimate access can require significant skill and can be error-prone, if not infeasible. In fact, many web application firewalls are typically misconfigured, i.e., they are either too restrictive, blocking legitimate user activity, or not restrictive enough, allowing attackers to exploit vulnerabilities. Such misconfiguration can significantly limit the usefulness and value of an application firewall and the associated application. Therefore, there is a need for an improved system and/or method for protection of software applications.